CVE-2025-65496

4.3 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in OISM libcoap's DTLS implementation allows remote attackers to crash applications using the library via a specially crafted DTLS handshake. This affects any system running libcoap 4.3.5 with DTLS enabled. The vulnerability causes denial of service but does not allow code execution.

💻 Affected Systems

Products:
  • OISM libcoap
Versions: 4.3.5
Operating Systems: All platforms where libcoap is compiled with OpenSSL/DTLS support
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when DTLS is enabled and compiled with OpenSSL support. Systems using libcoap without DTLS or with other TLS backends are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Application crash leading to denial of service for all users of the affected service, potentially disrupting critical IoT or network communication functions.

🟠 Likely Case

Service disruption for applications using libcoap's DTLS functionality, requiring restart of affected processes.

🟢 If Mitigated

Minimal impact if DTLS is disabled or if the application has robust crash recovery mechanisms.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a crafted DTLS handshake to a vulnerable endpoint. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.6 or later

Vendor Advisory: https://github.com/obgm/libcoap/issues/1745

Restart Required: Yes

Instructions:

1. Update libcoap to version 4.3.6 or later.
2. Recompile any applications using libcoap.
3. Restart affected services.

🔧 Temporary Workarounds

Disable DTLS (platform: all)

Disable DTLS functionality in libcoap if it is not required:

  • Recompile libcoap with the --disable-dtls configure flag
  • Modify the application configuration to disable DTLS

Network filtering (platform: linux)

Block DTLS handshake packets at the network perimeter (note that dropping UDP port 5684 blocks all CoAP-over-DTLS traffic on that port, not only handshakes):

  • iptables -A INPUT -p udp --dport 5684 -j DROP
  • Configure the firewall to block UDP port 5684

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Deploy intrusion prevention systems to detect and block malicious DTLS handshakes

🔍 How to Verify

Check if Vulnerable:

Check the libcoap version and DTLS configuration: confirm the application links libcoap, then check the application config for DTLS use.

ldd /path/to/application | grep libcoap

Check Version:

coap-client --version 2>&1 | grep libcoap

Verify Fix Applied:

Verify libcoap version is 4.3.6 or later and test DTLS functionality
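To make the version check above scriptable, here is an added example (not from the advisory or the libcoap project) that classifies a libcoap banner against this CVE. It assumes a banner line of the form `libcoap 4.3.5 (OpenSSL ...)`; the exact format of `coap-client --version` output is an assumption, so adjust the parsing to whatever your build prints.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a libcoap build against
# CVE-2025-65496 using the version and TLS backend reported by coap-client.
# The banner format "libcoap X.Y.Z (BACKEND ...)" is an assumption.

# Turn "MAJOR.MINOR.PATCH" into a comparable integer, e.g. 4.3.5 -> 4003005.
version_key() {
    echo "$1" | awk -F. '{ printf "%d\n", ($1 * 1000000) + ($2 * 1000) + $3 }'
}

# Arguments: version string, TLS backend name.
# Prints one of: fixed, affected, not-affected, unlisted
classify_libcoap() {
    ver="$1"
    tls="$2"
    case "$tls" in
        *[Oo]pen[Ss][Ss][Ll]*) ;;                 # only the OpenSSL DTLS backend is affected
        *) echo "not-affected"; return 0 ;;
    esac
    if [ "$(version_key "$ver")" -ge "$(version_key 4.3.6)" ]; then
        echo "fixed"                              # 4.3.6 or later carries the fix
    elif [ "$ver" = "4.3.5" ]; then
        echo "affected"                           # the version named by the advisory
    else
        echo "unlisted"                           # not named by the advisory; check the vendor issue
    fi
}

# Extract version and TLS library from a banner line, then classify it.
classify_banner() {
    ver=$(echo "$1" | sed -n 's/.*libcoap[ v]*\([0-9][0-9.]*\).*/\1/p')
    tls=$(echo "$1" | sed -n 's/.*(\([^)]*\)).*/\1/p')
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    classify_libcoap "$ver" "$tls"
}

# Constructed sample banners (not captured from a real system).
classify_banner "libcoap 4.3.5 (OpenSSL 3.0.2)"   # affected
classify_banner "libcoap 4.3.6 (OpenSSL 3.0.2)"   # fixed
classify_banner "libcoap 4.3.5 (GnuTLS 3.7.3)"    # not-affected
```

On a real host, feed it the live banner: `classify_banner "$(coap-client --version 2>&1 | grep libcoap)"`.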

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs mentioning libcoap
  • Segmentation fault errors in system logs
  • Unexpected service restarts

Network Indicators:

  • Unusual DTLS handshake patterns
  • Multiple failed DTLS connections from single source

SIEM Query:

source="*syslog*" AND ("segmentation fault" OR "libcoap" OR "coap")
